[Security] PGP (XEP-0027)
dave at cridland.net
Tue Jun 2 14:56:20 CDT 2009
On Tue Jun 2 18:56:35 2009, Jonathan Schleifer wrote:
> What if DSA gets completely broken someday? Then we're screwed. And
> we want to be algorithm-independant, we need to implement something
> very similar to OpenPGP anyway.
Which, incidentally, can use PGP keys.
But in any case, I don't think the crypto is actually the tricky bit
with single-message stuff, it's formatting, since ideally you want to
sign everything (including <iq/>) in a way that lets those signatures
be ignorable to naïve actors, which is going to be a tough one to
solve. (Easy for messages, but impossible for <iq/> as far as I can
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Security